/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: BUSL-1.1
 */
/**
 * Metadata configuration for secret and auth engines, including enterprise-only engines.
 *
 * This file defines and exports engine metadata, including each engine's
 * displayName, mountCategory, requiresEnterprise, and other relevant properties. It serves as a
 * centralized source of truth for engine-related configurations.
 *
 * Key responsibilities:
 * - Define metadata for all engines.
 * - Provide utility functions or constants for accessing engine-specific data.
 * - Facilitate dynamic engine rendering and behavior based on metadata.
 *
 * Example usage:
 * // If an enterprise license is present, return all secret engines;
 * // otherwise, return only the secret engines supported in OSS.
 * return filterEnginesByMountCategory({ mountCategory: 'secret', isEnterprise: this.version.isEnterprise });
 */
/**
 * Display metadata for one secret or auth engine entry in ALL_ENGINES.
 *
 * NOTE(review): every field here describes how the UI presents an engine. Nothing in
 * this file enforces licensing or access; presumably the server does - confirm before
 * treating `requiresEnterprise` or `requiredFeature` as more than display hints.
 */
export interface EngineDisplayData {
  /** Groups engines in the UI, e.g. 'cloud', 'infra', 'generic'. */
  pluginCategory?: string;

  /** Human-readable engine name. */
  displayName: string;

  /** Defined for engines that have their own Ember engine. */
  engineRoute?: string;

  /** Icon name for the engine - presumably; the consumer is not visible in this file. */
  glyph?: string;

  /**
   * Flag for 'Workload Identity Federation' engines.
   * See https://developer.hashicorp.com/hcp/docs/hcp/iam/service-principal/workload-identity-federation
   */
  isWIF?: boolean;

  /** Mount categories the engine is listed under; entries in this file use 'auth' and/or 'secret'. */
  mountCategory: string[];

  /**
   * Flag for engines that require the ADP (Advanced Data Protection) feature.
   * See https://www.hashicorp.com/en/blog/advanced-data-protection-adp-now-available-in-hcp-vault
   */
  requiredFeature?: string;

  /** When true, filterEnginesByMountCategory omits the engine unless isEnterprise is set. */
  requiresEnterprise?: boolean;

  /**
   * For secret engines that have their own configuration page and actions.
   * These engines do not exist in their own Ember engine.
   */
  isConfigurable?: boolean;

  /**
   * The UI only supports configuration views for these secrets engines. The CLI must be
   * used to manage other engine resources (i.e. roles, credentials).
   */
  isOnlyMountable?: boolean;

  /**
   * Flag for engine views: when true the engine shows the pre-existing page design,
   * otherwise the new views are used. Temporary until all engines have been migrated
   * to the new design.
   */
  isOldEngine?: boolean;

  /** Engine type identifier; isAddonEngine looks entries up by this value. */
  type: string;

  /**
   * In this file it is set only on auth-only entries and always equals `type`;
   * its consumer is not visible here.
   */
  value?: string;
}
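/**
 * Returns the entries of ALL_ENGINES that are listed under the given mount category.
 *
 * Engines flagged `requiresEnterprise` are dropped unless `isEnterprise` is true, so
 * omitting the flag yields the non-enterprise list. Entry order follows ALL_ENGINES.
 *
 * NOTE(review): this only decides which engines the UI lists. Nothing in this file stops
 * a request for an enterprise engine from being made; presumably the server enforces
 * license and feature checks - confirm, and do not treat this filter as an access control.
 *
 * @param mountCategory - Given mount category to filter by, e.g., 'auth' or 'secret'.
 * @param isEnterprise - Optional boolean to indicate if enterprise engines should be included in the results. Defaults to false.
 * @returns Filtered array of engines that match the given mount category
 */
export function filterEnginesByMountCategory({
  mountCategory,
  isEnterprise = false,
}: {
  mountCategory: 'auth' | 'secret';
  // Optional so the type agrees with the `= false` default and the documented contract.
  isEnterprise?: boolean;
}): EngineDisplayData[] {
  // Single pass: the category must match, and enterprise-only engines pass only when
  // the caller reports an enterprise version.
  return ALL_ENGINES.filter(
    (engine) =>
      engine.mountCategory.includes(mountCategory) && (isEnterprise || !engine.requiresEnterprise)
  );
}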
/**
 * Reports whether the engine of the given type has an `engineRoute` in ALL_ENGINES.
 *
 * KV version 1 is always reported as false, even though the 'kv' entry defines an
 * engineRoute - presumably only KV v2 is served by the Ember engine; confirm.
 *
 * @param type - Engine type, compared against each entry's `type`.
 * @param version - Engine version; only consulted for the 'kv' special case.
 * @returns true when the first entry matching `type` has a non-empty engineRoute.
 */
export function isAddonEngine(type: string, version: number) {
  const isKvVersionOne = type === 'kv' && version === 1;
  if (isKvVersionOne) {
    return false;
  }

  // Unknown types yield undefined here, which falls through to false below.
  const matchingEngine = ALL_ENGINES.find((candidate) => candidate.type === type);
  return Boolean(matchingEngine?.engineRoute);
}
/**
 * Display metadata for every secret and auth engine known to this file.
 *
 * filterEnginesByMountCategory returns entries in the order listed here, and
 * isAddonEngine uses the first entry whose `type` matches, so `type` values
 * should stay unique.
 *
 * NOTE(review): `requiresEnterprise` and `requiredFeature` only control what is
 * listed; this array is not a licensing or access check. Presumably the server
 * enforces those - confirm.
 */
export const ALL_ENGINES: EngineDisplayData[] = [
  {
    pluginCategory: 'cloud',
    displayName: 'AliCloud',
    glyph: 'alibaba-color',
    isOldEngine: true,
    mountCategory: ['auth', 'secret'],
    type: 'alicloud',
  },
  {
    pluginCategory: 'generic',
    displayName: 'AppRole',
    glyph: 'cpu',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'approle',
    value: 'approle',
  },
  {
    pluginCategory: 'cloud',
    displayName: 'AWS',
    glyph: 'aws-color',
    isConfigurable: true,
    isOldEngine: true,
    isWIF: true,
    mountCategory: ['auth', 'secret'],
    type: 'aws',
  },
  {
    pluginCategory: 'cloud',
    displayName: 'Azure',
    glyph: 'azure-color',
    isOldEngine: true,
    isOnlyMountable: true,
    isConfigurable: true,
    isWIF: true,
    mountCategory: ['auth', 'secret'],
    type: 'azure',
  },
  {
    pluginCategory: 'infra',
    displayName: 'Consul',
    glyph: 'consul-color',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'consul',
  },
  // No pluginCategory or glyph is set for Cubbyhole.
  {
    displayName: 'Cubbyhole',
    isOldEngine: true,
    type: 'cubbyhole',
    mountCategory: ['secret'],
  },
  {
    pluginCategory: 'infra',
    displayName: 'Databases',
    glyph: 'database',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'database',
  },
  {
    pluginCategory: 'cloud',
    displayName: 'GitHub',
    glyph: 'github-color',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'github',
    value: 'github',
  },
  {
    pluginCategory: 'cloud',
    displayName: 'Google Cloud',
    glyph: 'gcp-color',
    isOldEngine: true,
    isOnlyMountable: true,
    isConfigurable: true,
    isWIF: true,
    mountCategory: ['auth', 'secret'],
    type: 'gcp',
  },
  {
    pluginCategory: 'cloud',
    displayName: 'Google Cloud KMS',
    glyph: 'gcp-color',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'gcpkms',
  },
  {
    pluginCategory: 'generic',
    displayName: 'JWT',
    glyph: 'jwt',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'jwt',
    value: 'jwt',
  },
  // isAddonEngine special-cases type 'kv' with version 1 despite this engineRoute.
  {
    pluginCategory: 'generic',
    displayName: 'KV',
    engineRoute: 'kv.list',
    glyph: 'key-values',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'kv',
  },
  // Enterprise-only: hidden by filterEnginesByMountCategory unless isEnterprise is true.
  {
    pluginCategory: 'generic',
    displayName: 'KMIP',
    engineRoute: 'kmip.scopes.index',
    glyph: 'lock',
    isOldEngine: true,
    mountCategory: ['secret'],
    requiredFeature: 'KMIP',
    requiresEnterprise: true,
    type: 'kmip',
  },
  // Enterprise-only.
  {
    pluginCategory: 'generic',
    displayName: 'Transform',
    glyph: 'transform-data',
    isOldEngine: true,
    mountCategory: ['secret'],
    requiredFeature: 'Transform Secrets Engine',
    requiresEnterprise: true,
    type: 'transform',
  },
  // Enterprise-only; the one entry that does not set isOldEngine.
  {
    pluginCategory: 'cloud',
    displayName: 'Key Management',
    glyph: 'key',
    mountCategory: ['secret'],
    requiredFeature: 'Key Management Secrets Engine',
    requiresEnterprise: true,
    type: 'keymgmt',
  },
  {
    pluginCategory: 'generic',
    displayName: 'Kubernetes',
    engineRoute: 'kubernetes.overview',
    glyph: 'kubernetes-color',
    isOldEngine: true,
    mountCategory: ['auth', 'secret'],
    type: 'kubernetes',
  },
  {
    pluginCategory: 'generic',
    displayName: 'LDAP',
    engineRoute: 'ldap.overview',
    glyph: 'folder-users',
    isOldEngine: true,
    mountCategory: ['auth', 'secret'],
    type: 'ldap',
  },
  {
    pluginCategory: 'infra',
    displayName: 'Nomad',
    glyph: 'nomad-color',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'nomad',
  },
  {
    pluginCategory: 'generic',
    displayName: 'OIDC',
    glyph: 'openid-color',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'oidc',
    value: 'oidc',
  },
  {
    pluginCategory: 'infra',
    displayName: 'Okta',
    glyph: 'okta-color',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'okta',
    value: 'okta',
  },
  {
    pluginCategory: 'generic',
    displayName: 'PKI Certificates',
    engineRoute: 'pki.overview',
    glyph: 'certificate',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'pki',
  },
  {
    pluginCategory: 'infra',
    displayName: 'RADIUS',
    glyph: 'mainframe',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'radius',
    value: 'radius',
  },
  {
    pluginCategory: 'infra',
    displayName: 'RabbitMQ',
    glyph: 'rabbitmq-color',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'rabbitmq',
  },
  // Enterprise-only auth method; no requiredFeature is set for it.
  {
    pluginCategory: 'generic',
    displayName: 'SAML',
    glyph: 'saml-color',
    isOldEngine: true,
    mountCategory: ['auth'],
    requiresEnterprise: true,
    type: 'saml',
    value: 'saml',
  },
  {
    pluginCategory: 'generic',
    displayName: 'SSH',
    glyph: 'terminal-screen',
    isOldEngine: true,
    isConfigurable: true,
    mountCategory: ['secret'],
    type: 'ssh',
  },
  // The display name differs from the type here: 'TLS Certificates' is type 'cert'.
  {
    pluginCategory: 'generic',
    displayName: 'TLS Certificates',
    glyph: 'certificate',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'cert',
    value: 'cert',
  },
  {
    pluginCategory: 'generic',
    displayName: 'TOTP',
    glyph: 'history',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'totp',
  },
  {
    pluginCategory: 'generic',
    displayName: 'Transit',
    glyph: 'swap-horizontal',
    isOldEngine: true,
    mountCategory: ['secret'],
    type: 'transit',
  },
  // No pluginCategory, glyph or value is set for Token.
  {
    displayName: 'Token',
    isOldEngine: true,
    type: 'token',
    mountCategory: ['auth'],
  },
  {
    pluginCategory: 'generic',
    displayName: 'Userpass',
    glyph: 'users',
    isOldEngine: true,
    mountCategory: ['auth'],
    type: 'userpass',
    value: 'userpass',
  },
];